BLOG
Phishing with typo squatting tool
DNSTwist is a great tool for blue and red teams. GitHub link: https://github.com/elceef/dnstwist or an online version: https://dnstwister.report/ This tool will generate a large number of typosquatting possibilities (addition, bitsquatting, homoglyph, hyphenation,...
Gathering Windows cred Hashes from the Network
There are a few known ways. The easiest, first method is to listen for LLMNR broadcasts. By using Responder, our device will present itself as the target and the victim will send its creds to us, as we are acting as MITM (Man in the Middle). The same goes for the 2nd method, which is the...
Explore a Github in a new way
Imagine you want to explore and check some of the content of a repository, but you don't need the repo on your machine. Example: https://github.com/evilsocket/pwnagotchi Now try the following: http://gitpod.io/#/https://github.com/evilsocket/pwnagotchi
Palo Alto Networks misconfig in TMS
On Friday the 20th of December 2019 we realized that, for a customer, the files that were analyzed by the WildFire of Palo Alto Networks via the TMS in Europe were using the WildFire engine based in the US! I raised a ticket, and with the help of our PAN SE, this issue...
Restrict documents uploads to Palo Alto Cloud and set WildFire settings to EU
To set WildFire not to send to the American global WildFire: in PAN-OS, go to Device > Setup > WildFire and edit the value to eu.wildfire.paloaltonetworks.com. If you want less security because there is a requirement that no data is uploaded to the cloud, change...
Unquoted service paths
When there are no quotes around the path in the service definition, the path can be interpreted differently by the OS. A service path with c:\program files\sub dir\program name can be seen as follows: c:\program.exe files\sub dir\program name c:\program...